Transport Layer Security (TLS) is a known technology used in digital networks to establish and carry out secure communication between two entities. The communicating entities can be devices such as computers or other electronic apparatus capable of digital communication, and the two entities can be communicating as peers or in a client/server configuration. TLS is implemented using digital certificates which, through public key cryptography and a common trusted entity, enable one or both of the communicating entities to authenticate the other and enable the two entities to exchange information confidentially. Secure Socket Layers (SSL) is an earlier form or predecessor of TLS that has been widely used over the Internet.
TLS is commonly used in TCP/IP networks using x.509 digital certificates which are typically issued by a trusted third party certificate authority (CA) and signed with the CA's private key. The holder (subject) of the certificate can then use it to authenticate itself to other entities. The associated CA public key is distributed to those entities as a part of a self-signed certificate. Authentication of a received digital certificate then involves using the CA's public key to decrypt the digital signature and compare the result to the contents actually contained in the certificate. More specifically, when the certificate is originally signed, a hash is performed of the certificate's contents and the result is encrypted using the CA's private key. This encrypted result is used as the digital signature and is appended to the certificate. Then, to authenticate, a recipient of the certificate uses the public key to decrypt the hash, and then compares this decrypted hash result with its own hash of the received certificate data items that it takes using the same hash function. If the two results match, then this indicates that the contents of the certificate are authentic. That authenticated content includes the certificate holder's (subject's) identity and public key so that the recipient of the certificate can now know that the identity is authentic and can communicate confidentially with the subject using its public key.
The basic structure of an X.509 certificate is given in Table I below. It includes three main fields: a TBS (to be signed) Certificate field containing a number of data items, a Signature Algorithm field identifying the algorithm used in producing the signature, as well as a Signature Value field containing the digital signature that is used by the CA to sign the certificate. The details of x.509 v.3 certificates are contained in RFC 3280.
TABLE Ix.509 CertificateTBS Certificate Version Serial number Signature Issuer Validity  UTC Time  Generalized Time Subject Subject Public Key Info Unique Identifiers ExtensionsSignature AlgorithmSignature Value
In wireless vehicle communication between a vehicle and call center, the use of x.509 or other digital certificates enables TLS to be used to authenticate both the vehicle and call center to each other and to allow confidential exchange of data, programming, or commands. Typically, this communication is via a wireless cellular network using CDMA or other suitable communication technology. Because the size of the certificates can be 1024 bytes or more, the exchange of these digital certificates each time a connection is made can be somewhat costly.